Question & Answer
Question
Users created with the -no-password-policy parameter are seeing following message when trying to change their password : "HPDIA0305W Password rejected due to the xxxx policy".
Cause
the -no-password-policy is only to be used for an administrator to set a bogus initial password which does not have to adhere to the global password rules.
Answer
Consider following example where a global TAM / ISAM policy is used:
pdadmin sec_master> policy set min-password-non-alphas 2
pdadmin sec_master> policy get min-password-non-alphas
Minimum password non-alphabetic characters: 2
When creating a user, it's password must adhere to the password policy.
pdadmin sec_master> user create testuser1 cn=testuser1,ou=tivsupport,o=ibm,c=com testuser1 testuser1 Passw0rd
Error: HPDIA0305W Password rejected due to the minimum non-alphabetic characters policy. (status 0x13212131)
While if you create the user with -no-password-policy, it does not complain about the policy violation.
pdadmin sec_master> user create -no-password-policy testuser2 cn=testuser2,ou=tivsupport,o=ibm,c=com testuser2 testuser2 Passw0rd
However any subsequent password change request (via pdadmin, wpm, pkmspasswd,....) will need to honor the Global Password Policy (unless a lesser restrictive user policy is applied) , otherwise the user will see following message:
pdadmin sec_master> user modify testuser2 password Passw1rd
Could not perform the administration request
Error: HPDIA0305W Password rejected due to the minimum non-alphabetic characters policy. (status 0x13212131)
Product Synonym
ISAM TAMeB
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21625396